New Problem: Disk Antivirus Professional

Feb 04

New threats from old enemies are something that no one welcomes, but at least we know what to expect and how to fight them. Disk Antivirus Professional is definitely the newest fake antivirus program out there, but it is a direct clone of System Progressive Protection and Live Security Platinum, so it possesses all the features that are common to the Rogue.WinWebSec family of rogues. The relation is obvious at once, especially since Disk Antivirus Professional and System Progressive Protection share the same interface.

The sooner a user removes Disk Antivirus Professional from the computer the better, but sometimes users fall victim to this fraud without even realizing it. It is important to tell Disk Antivirus Professional apart from a real antivirus program. Naturally, since it poses as a computer security program, it has all the features that one would normally find in a genuine antivirus program. For example, Disk Antivirus Professional supports six languages (English, German, French, Spanish, Italian, Portuguese) and the language can be changed according to the user’s preferences. Yet that is no reason to believe everything Disk Antivirus Professional says.

The rogue’s behavior is suspicious from the very beginning – it initiates a fake system scan without any confirmation from the user. But that is only the façade, as there are a lot of things Disk Antivirus Professional does behind the user’s back. Disk Antivirus Professional can easily terminate various executable programs and system processes, including such important processes as csrss.exe and lsass.exe. It also blocks Task Manager and configures the Registry in a way that makes Disk Antivirus Professional start automatically each time you turn on your computer. The rogue’s files are saved in the ProgramData directory in a randomly named folder. The files themselves also have randomly generated names.

What is more, the rogue does everything it can to remain in the compromised system for as long as possible. To achieve that, the fake AV disables services that are responsible for the system’s security (Windows Security Center, Windows Update etc.). This lowers system security and makes it easier for other infections to enter the target computer as well.
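
The persistence and service tampering described in the two paragraphs above can be checked with a read-only PowerShell triage script. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, that the autostart entry is in a standard Run or RunOnce key, and that the affected services are `wscsvc` (Security Center) and `wuauserv` (Windows Update).

```powershell
# Added example, not from the original post. Read-only: it reports and changes nothing.
# Assumption: autostart is via the standard Run/RunOnce keys (the post says only "the Registry").
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath {
    param([string]$Command)
    # Expand %ProgramData%-style variables, then isolate the executable from its arguments.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"')        { return $Matches[1] }   # quoted path
    if ($cmd -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }   # unquoted, may contain spaces
    return ($cmd -split '\s+')[0]
}

function Test-UnderProgramData {
    param([string]$Path)
    $root = $env:ProgramData.TrimEnd('\') + '\'
    return $Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
}

# 1. Autostart values whose target executable sits anywhere below ProgramData.
$autostarts = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $exe = Get-ExePath ([string]$item.GetValue($name))
        if (Test-UnderProgramData $exe) {
            [pscustomobject]@{ Key = $key; Value = $name; Executable = $exe }
        }
    }
}

# 2. Start mode and state of the two services the post names.
#    wscsvc = Security Center, wuauserv = Windows Update.
$services = Get-CimInstance Win32_Service -Filter "Name='wscsvc' OR Name='wuauserv'" |
    Select-Object Name, StartMode, State,
        @{ Name = 'Disabled'; Expression = { $_.StartMode -eq 'Disabled' } }

'Autostart entries launching from ProgramData:'
$autostarts | Format-Table -AutoSize
'Security-related services (Disabled = True needs an explanation):'
$services | Format-Table -AutoSize
```

Legitimate software sometimes autostarts from ProgramData too, so treat each hit as a lead to verify rather than a verdict.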

There is a way to tame Disk Antivirus Professional: registering the rogue. Users can use the activation key below to do it:

AA39754E-715219CE

Simply click the registration icon and enter the code together with a random email address. Although registration does not terminate Disk Antivirus Professional, for the time being it cancels such infection symptoms as the inability to load certain websites and the fake security notifications presented below:

Disk Antivirus Professional Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with Disk Antivirus Professional.

Disk Antivirus Professional Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.

Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software…

Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with Disk Antivirus.

Take note of the last message above. Spyware.IEMonster is a real computer threat, but it is not present in your system. Curiously enough, the same message has been displayed by most of the WinWebSec rogues, using Spyware.IEMonster as a scapegoat, in order to trick users into spending their money for nothing.

However, since none of the notifications above are real, there is no need to follow them (as in, pay money for Disk Antivirus Professional). Users must remove Disk Antivirus Professional as soon as possible to avoid a system crash and loss of money. Security experts suggest acquiring a legitimate antimalware tool for the removal, because manual removal might prove to be too difficult for an average computer user. Even if you do not register Disk Antivirus Professional, you can still proceed with the automatic removal. To do that, follow the instructions below:

  1. Open your Internet browser.
  2. Disk Antivirus Professional will display the following message:

    Warning! The site you are trying visit may harm your computer!
    Your security setting level puts your computer at risk!
    Activate Disk Antivirus Professional, and enable safe web surfing (recommended).
    Ignore warnings and visit that site in the current state (not recommended).

  3. Click “Ignore warnings and visit that site in the current state (not recommended)”.
  4. Access a computer security website.
  5. Download a legitimate computer safeguard tool.
  6. Install the downloaded tool.
  7. Run the program and perform a full system scan to terminate Disk Antivirus Professional.

Do not hesitate to invest in a legitimate antimalware tool if you need to protect your system from such rogues as Disk Antivirus Professional.
